• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved Juggernaut Security and Firewall Plesk Addon

danami

Silver Pleskian
Juggernaut Security and Firewall Extension for Plesk

Juggernaut features a SPI firewall, brute force protection, real-time connection tracking, intrusion detection, dynamic block lists, statistics and reporting, modsecurity auditing, country blocking and more cutting-edge technology to handle your security needs – all in one security extension.

Product Information
Plesk Firewall Extension | Danami

SPI Firewall
- Easy configuration directly through Parallels Plesk Panel.
- Allow or deny IP addresses permanently or temporarily (Supports adding subnets in CIDR notation).
- Ipset 6+ support for high performance firewall blocking.
- Supports advanced iptables rules for allowing or denying specific IPs or ports.
- Full command line interface for performing blocks, allows, or viewing current iptables rules.
- Supports viewing ports listening for external connections and the executables running behind them.
- Enable or disable iptables for specific network cards.
- Define permanent and temporary deny IP limits (IP addresses will get rotated automatically).
- Enable strict rules to DNS traffic.
- Filter packets for unwanted or illegal packets.
- SYN and UDP flood protection.
- Connection limit protection for protection from DOS attacks against specific ports.
- Flood protection for protection from DOS attacks against specific ports.
- Block traffic on unused IP addresses.
- Whitelist dynamic DNS IP addresses.
- Redirect connections to other ports and IP addresses.
- Block and white list specific countries on the firewall.
- Search though iptables rules to see if an IP address is blocked.
- IPv6 supported.

Brute Force Detection
- Daemon process that checks for login failures against SSH, FTP, SMTP AUTH, POP3, IMAP, BIND denied, Plesk, htpasswd, Apache 404 and 403 errors, webmail, and modsecurity 403 denied messages.
- Add your own custom regular expression matching.
- Add your own custom logs file to monitor (supports wildcard patterns).
- Supports both complete blocking or just blocking to the failed application.
- Easily adjust login failures limits per hour for each service before blocking.
- Making blocks permanent or temporary for each service.
- Get an optional email alert when trigger is blocked (includes detailed location information about the offending IP address and reason it was blocked).
- Supports defining what ports you have services running on.
- Convert a temporary block to permanent if the IP address has repeated temporary blocks.
- Block entire netblocks after repeated login failures from the same subnet.
- Ignore specific IP addresses or CIDRs from being blocked from the login failure daemon.
- Ignore specific countries from being blocked from the login failure daemon.
- Supports automatic X-ARF network abuse reporting.

Real-time Tracking
- View all network connections, Apache connections, bandwidth usage and disk I/O real-time.
- Set the page to auto refresh every X seconds.
- Each source IP address is tagged with its geolocation.
- Network connections can be filtered by protocol, TCP state, and port number.
- Search and sort network connections by connection totals, source, and location.
- Search and sort Apache connections by CPU usage, virtual host, request method, PID, Acc, Srv etc.
- Search and sort bandwidth usage by source IP, destination port, transmit and receive bandwidth totals.
- Search and sort disk I/O by process, user, disk read, disk write, swapin, and IO totals.
- Permanently deny abusing IP addresses with just a few clicks.
- Click on an IP address to see exactly what ports the IP address is connected to.

Intrusion Detection
- System integrity checking to compare md5sums of the servers OS binary application files from the time when the login failure daemon starts. Get an alert when a change is detected.
- Check /tmp and /dev/shn directories for suspicious files.
- Optionally remove any suspicious files found during directory watching and append them to a tarball.
- Add your own custom directories to watch for changes.

Tracking
- Track distributed login attacks against FTP services.
- Track POP3/IMAP login tracking to enforce logins per hour.
- Track total number of connections per IP address and block IP addresses when the limit is reached.
- Track port scans and block the offending IP address.
- Suspicious process tracking and reporting.
- Excessive user processes tracking and reporting.
- Track SSH and SU logins and get an email alert.
- Track account changes and get an email alert (account created, account deleted, password changed, UID changed, GID changed, login directory changed, login shell changed).

Security Checking
- Perform a basic security, stability and settings check on the server.
- Audit the firewall, file permissions, SSH/Telnet, and services to make sure that everything is in working order.
- Provides helpful hints on what you need to do to correct the problem.
- Gives you security score to see where your server currently ranks.
- View the report though Plesk or have it emailed to you using the command line.

Dynamic Block Lists
-
Almost 100 dynamic block lists are supported.
- Add the top blocklists like Spamhaus, DShield, BOGON, MaxMind Anonymous Proxy, Project Honey Pot, Fail2ban, OpenBL.org, Autoshun, and TOR dynamic block lists to your server.
- Each block lists is automatically updated at regular intervals that you define.
- Add your own custom block lists.
- Add your own global firewall allow, firewall deny, or login failure daemon ignore lists.

ModSecurity Auditing
- View and search through your ModSecurity audit log with ease.
- Fully supports Plesk 12 built in ModSecurity package.
- View full HTTP Transactions and alerts directly through the web interface.
- View each alert rule id that was triggered in the HTTP transaction.
- View which phase modsecurity blocked the transaction.
- View the raw HTTP transaction.
- Supports downloading the HTTP transaction.

LFD Clustering
- Share your blocks and configuration options changes across multiple servers.
- Automatically send blocks, unblocks, ignores, and allows to all members of the cluster.
- All communication between servers is encrypted using a secret key that you define.
- Define a master node that is allowed to send configuration changes across the cluster.

Messenger Service
- Display a customizable message to users informing them that they have been blocked by the firewall (Includes the server hostname and users IP address allowing them to contact you).
- Define what ports to show the HTML message or the TEXT based message. (eg. HTML based message for port 80 and TEXT based message for port 21)
- Full WYSIWYG editor for editing the HTML message.
- Set maximum concurrent connections allowed to each service server.

Geolocation Support
- Deny or allow access from specific countries on the firewall.
- Deny or allow access to specific ports from specific countries on the firewall.
- Define how often the Maxmind IP country database is updated.
- Ignore CIDR blocks smaller than a specific size to reduce the number of iptable rules on systems that cannot run ipset.

Statistics and Reporting
- Statistical graphs show server load average, CPU, Memory, Network, Disk, Disk write performance, Apache, and Mysql
- Over 14 pre-build reports included and more are being written.
- Export report data to CSV file so you can import into a spreadsheet.
- Reports are as simple a providing a SQL query and outputting to a table class.
- Write your own reports.
- Full source code is provided for all report plugins so you can them as examples.

Network Information
- Perform DNS, Whois Geo, ASN, Ping, Trace, SPF, and DNSBL and Map lookups
- Supports internationalized domain names.
- Enter your own query or choose from a select list of your servers domains and IP addresses.
- Add your own DNS servers or randomize nameservers.
- Map lookups use new Maxmind database format fully supporting IPv6.
- Automatically update the Maxmind database at specified intervals.

DNS Blacklist Check
- Check your servers IP addresses against multiple RBLs.
- Schedule a nightly check and receive an email alert if any of your IP addresses gets blacklisted.
- Supports checking your domains against SURBLs (SURBLs are lists of web sites that have appeared in unsolicited messages).
- Bulk IP address selector allows you to check multiple IP addresses at a time.
- Supports all the major RBLs: zen.spamhaus.org, bl.spamcop.net, b.barracudacentral.org, bl.score.senderscore.com etc.
- Add your own third party DNS blacklists.

Multi-Language Support
English, Deutsch, Español, Français, Italiano, Magyar, Nederlands, Polski, Português, Русский, Türkçe, Svenska, 中文, 日本語

Supported Operating Systems
Centos 8.x, Centos 7.x, Cloudlinux 8.x, Cloudlinux 7.x, Debian 10.0, Debian 9.0, RedHat Enterprise Linux 8.x, RedHat Enterprise Linux 7.x, Ubuntu 20.04, Ubuntu 18.04, Ubuntu 16.04

Supported VPS
OpenVZ, KVM, Xen, Vmware

Supported Plesk Versions
Plesk 18.x, 17.x

Third Party Software
ConfigServer Security & Firewall (csf)
 
Last edited:
I'm not even half way through the YT video and I'm already super excited!
You guys seem to have gotten a lot of things right here.

Will definitely be considering offering this on our higher end Plesk range.
 
Just a note that we are now providing free installation and basic firewall configuration services for all new clients!
 
Hello, this looks interesting at first glance, but I have some questions:

- Is Juggernaut just a frontend to CSF/LFD?
- What are the differences compared to Atomicorp's ASL? Can mod_security rules be managed with Juggernaut?

Kind regards -Stephan
 
Yes we use CSF/LFD for the iptables scripts and login failure daemon. We've customized all the settings specifically for a Plesk server. In regards to modsecurity Juggernaut was written with Plesk 12 in mind. Plesk 12 already includes an interface for managing modsecurity rules (Plesk 12 allows you to choose from various rule sets (Atomic, Comodo, OWASP, custom) and you can deactivate specific rule ids or rule tags). Our modsecurity interface allows you to efficiently view and search though your audit logs. You need to run modsecurity in "concurrent" mode so you can inspect the full HTTP transaction and see exactly what rules are triggering.

Let me know if you have any other questions :)
 
I'm a firm believer in not trying to re-invent the wheel. The CSF iptables and login failure daemon have been around for a long time and are fully battle tested. Also Chirpy (the developer) has done a great job providing a very clean API to work with. The Juggernaut Firewall interface represents our attempt to integrate CSF fully into Plesk (It took almost a year to write). Also we've added additional things like a modsecurity audit log viewer, IP lookup tools, multi-language support, skin support etc. Also note that we also regularly donate money back to Chirpy to support the project in addition to submitting Plesk related issues and fixes that so that he can integrate them info CSF directly.

Cheers!
 
Not sure if it was an update that did it, but at some point recently, our Deny permanently list shows as empty. I see lots of permanent blocks in the "advanced deny filters" area.
I'm guessing the page is simply not reading the file properly. I can see temp blocks fine. any suggestions?
 
Back
Top